A hacker is selling access to the email accounts of hundreds of C-level executives, Operators behind Dark Caracal are still alive and operational, and more

Originally published at: https://cloudsek.com/threatintel/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives-operators-behind-dark-caracal-are-still-alive-and-operational-and-more/

Round Up of Major Breaches and Scams

Office 365 phishing campaign leverages Oracle and Amazon cloud services

Experts warn of a new, sophisticated phishing scheme that steals Office 365 credentials from small and medium-sized businesses in the U.S. The threat actors behind it host their infrastructure on cloud services from both Oracle and Amazon.

A hacker is selling access to the email accounts of hundreds of C-level executives

A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers.

TurkeyBombing Puts New Twist on Zoom Abuse

Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, victims are targeted with a Zoom-related, Thanksgiving-specific hook reminiscent of ZoomBombing, hence the name TurkeyBombing.

CBS Last.fm fixes admin password leakage via Symfony profiler

This week, British music streaming service Last.fm fixed a credential leakage issue that revealed an admin username and password. The leak occurred because a PHP Symfony app was misconfigured to run in “debug” mode, exposing its profiler logs. With these credentials, attackers could have accessed and modified Last.fm user account details.

Round Up of Major Malware and Ransomware Incidents

Pennsylvania county pays 500K ransom to DoppelPaymer ransomware

Delaware County, Pennsylvania has paid a $500,000 ransom after its systems were hit by the DoppelPaymer ransomware last weekend. On Monday, Delaware County disclosed that it had taken portions of its computer network offline after discovering that the network was compromised.

Operators behind Dark Caracal are still alive and operational

The Dark Caracal APT group, associated with the Lebanese General Directorate of General Security, has carried out a series of attacks against multiple sectors. In these recent attacks it employed a new variant of a 13-year-old backdoor Trojan dubbed Bandook.

Round Up of Major Vulnerabilities and Patches

Unofficial Patch Released for Windows 7 Zero-Day Vulnerability

An unofficial patch is now available through ACROS Security’s 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2. The privilege escalation flaw exists because all users have write permissions on HKLM\SYSTEM\CurrentControlSet\Services\Dnscache and HKLM\SYSTEM\CurrentControlSet\Services\RpcEptMapper, which could be used for code execution.
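The following PowerShell script is an added example for defenders and is not part of the original roundup or of the 0patch micropatch. It audits the two service keys named above for ACEs that grant write rights (SetValue, CreateSubKey, Delete, ChangePermissions or TakeOwnership) to low-privilege principals, identified by their well-known SIDs rather than by display name so the check works regardless of locale. It assumes it is run in an elevated PowerShell session on the host being checked; the list of "low-privilege" SIDs and the set of rights treated as write access are this example's own choices.

```powershell
# Added example (not from the article or 0patch): report low-privilege write access on the
# two service registry keys named in the Windows 7 / Server 2008 R2 zero-day write-up.
$ServiceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache',
    'HKLM:\SYSTEM\CurrentControlSet\Services\RpcEptMapper'
)

# Well-known SIDs that should never hold write rights on service configuration keys
# (assumption for this example; extend to match your own baseline).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Registry rights that let a caller modify the key. Read-type rights (QueryValues,
# EnumerateSubKeys, Notify, ReadPermissions) are deliberately excluded so that the
# normal read-only ACE for Users does not produce a false positive.
$WriteMask = [int]([System.Security.AccessControl.RegistryRights]::SetValue) -bor
             [int]([System.Security.AccessControl.RegistryRights]::CreateSubKey) -bor
             [int]([System.Security.AccessControl.RegistryRights]::Delete) -bor
             [int]([System.Security.AccessControl.RegistryRights]::ChangePermissions) -bor
             [int]([System.Security.AccessControl.RegistryRights]::TakeOwnership)

function Test-ServiceKeyAcl {
    # Returns one object per offending ACE on the given key; nothing if the key is clean.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Resolve the ACE principal to a SID; unresolvable identities are skipped.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }

        if (-not $LowPrivSids.ContainsKey($sid)) { continue }
        if (([int]$ace.RegistryRights -band $WriteMask) -eq 0) { continue }

        [pscustomobject]@{
            Key       = $Path
            Principal = $LowPrivSids[$sid]
            Sid       = $sid
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = foreach ($key in $ServiceKeys) { Test-ServiceKeyAcl -Path $key }

if ($findings) {
    Write-Warning 'Low-privilege principals hold write rights on service keys:'
    $findings | Format-Table -AutoSize
} else {
    Write-Host "OK: no low-privilege write access found on $($ServiceKeys.Count) service keys."
}
```

The script only reports; it does not change permissions. A finding means the host is exposed to the flaw described above and should receive the 0patch micropatch or an ACL that removes the write rights from the flagged principals. Because `Inherited` is included in the output, you can also see whether the permissive ACE comes from the key itself or was inherited from `HKLM\SYSTEM\CurrentControlSet\Services`, which tells you where the fix belongs.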